Configuring Multi-Factor Authentication (MFA) in eFinancePlus: Steps and Troubleshooting

We’ve enhanced account security in eFinancePlus by introducing standalone Multi-Factor Authentication (MFA). This added layer of protection requires users to verify their identity using a one-time code sent to their email, in addition to their password. With this enhancement, eFinancePlus helps districts reduce the risk of unauthorized access and better protect sensitive financial and employee data.

Why This Matters

Passwords alone are no longer enough to prevent modern security threats. MFA adds an extra verification step that:

• Protects against compromised passwords and phishing attacks

• Strengthens access security for sensitive system functions

• Supports compliance with state-mandated security standards, including:

  • Arkansas Act 846

  • New York Education Law 2-d

Prerequisites

To use Multi-Factor Authentication, users must have a valid email address that will be used to deliver the one-time verification code required during sign-in.

Additional Information

Multi-Factor Authentication can be enabled independently or used alongside Single Sign-On (SSO). This flexibility allows districts to choose the right security approach for different areas of the system, including:

• eFinancePlus Core

• Employee Access Center (EAC) (MFA will be done in upcoming releases)

• Vendor Punchout (MFA will be done in upcoming releases)

• Employee Timesheets (MFA will be done in upcoming releases)

Districts can mix and match MFA and SSO based on their security policies and user needs.

Introduction

This document describes the steps required to configure Multi-Factor Authentication (MFA) in eFinancePlus.

Steps to Enable MFA for a District

1. Generate an MFA key for the district in the Business Entity Details page.

2. Configure SMTP settings for the district.

3. Enable MFA for a specific profile in the Profile Details page.

Generate MFA Key for the District

1. Navigate to the Environment Maintenance page.

2. Select the business entity for which MFA needs to be enabled.

3. Select Generate Key.

4. Select the Save icon in the top-right corner to persist the changes.

Configure SMTP for district

1. Navigate to the Environment Maintenance page.

2. Select the business entity for which MFA needs to be enabled.

3. Select SMTP Configuration.

4. Enter the required details as described below:

   • Use Local Host:
     Select this option to use the local host for sending emails. When selected, all other fields will be disabled.

   • Server Address:
     Enter the SMTP server address.

   • Server Port:
     Enter the SMTP server port.

   • Use SSL:
     Select this option if SSL should be used.

   • Login ID:
     Enter the login ID for the SMTP server.

   • Login Domain:
     Enter the domain name.

   • Password:
     Enter the SMTP password.

   • Use Generic From:
     Select this option to use a generic email address.

   • Generic From Address:
     Enter the generic sender email address.

   • Generic From Name:
     Enter the generic sender name.

   • Generic Reply Allowed:
     Select this option if replies to the email should be allowed.

5. Save the configuration.

Enable MFA for a Specific Profile

1. Navigate to the Environment Maintenance page.

2. Select the business entity for which MFA needs to be enabled.

3. Select the entity profile where MFA should be applied.

4. Enable the option “Enable MFA for PowerSchool ERP.”

5. Enter the MFA Expiration (in minutes).

   • Allowed values range from 4 to 16 minutes.

   • This value determines the expiration time for the MFA code sent to the user.

6. Select Save.

Troubleshooting

1. Error Message: “MFA Key is not generated for the business entity” while saving in entity profile.

   1. This error means that you did not Generate MFA Key for the District. Review the steps above to resolve this issue.